The vulnerability impacts a comprehensive range of Gen7 hardware firewalls, including the TZ270, TZ270W, TZ370, TZ370W, TZ470, TZ470W, TZ570, TZ570W, TZ570P, TZ670, NSa 2700, NSa 3700, NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, NSsp 13700, and NSsp 15700 models. A critical vulnerability in SonicWall Gen7 firewall products could allow remote unauthenticated attackers to cause service disruptions through denial-of-service (DoS) attacks. The format string vulnerability tracked as CVE-2025-40600 affects the SSL VPN interface of multiple SonicWall firewall models and has been assigned a CVSS v3 score of 5.9, indicating medium severity with high availability impact. For organizations unable to immediately update, SonicWall recommends disabling the SSL-VPN interface as a temporary workaround, noting that this vulnerability does not impact firewalls without SSL-VPN enabled. Security researchers have identified a vulnerability that allows attackers to exploit format string weaknesses in the SSL VPN component, potentially leading to memory corruption and subsequent service crashes. This type of vulnerability occurs when an application uses externally controlled format strings in printf-style functions, potentially allowing attackers to manipulate memory addresses and cause application crashes or service disruptions. The attack vector requires no special privileges and can be executed remotely, making it particularly concerning for organizations relying on SonicWall firewalls for network security. CVE-2025-40600 allows unauthenticated remote DoS attacks on SonicWall Gen7 firewall SSL VPN interfaces.
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 30 Jul 2025 13:10:13 +0000